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(57) The admission control algorithm implements 
measurement-based connection admission control us- 
ing effective envelopes of an arriving traffic aggregate 
and the service curves of the corresponding departing 
traffic aggregate. The approach provides the statistical 



service guarantees to a variety of service classes. Ac- 
cording to the admission control algorithm, arriving traf- 
fic is admitted if the sum of the effective envelopes of 
the arriving traffic entering a network and admitted traffic 
currently in the network is less than or equal to the serv- 
ice curve. 
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Description 

BACKGROUND AND SUMMARY OF THE INVENTION 

5 [0001] The present invention relates generally to network-based communication architecture. More particularly, the 
invention relates to providing controlled quality of service in packet-based networks through admission control. 
[0002] Currently much of the Internet is designed to provide "best effort" service. The Internet Protocol (IP) is designed 
to deliver packets of information to an ultimate destination through any available internal links that enable delivery. The 
actual time it takes to deliver these packets depends on the route taken and the traffic congestion encountered in route. 

10 The original design of the Internet Protocol focused on providing ultimate delivery, with the actual time to achieve 
delivery being only a secondary consideration. 

[0003] As the uses for the Internet have grown, and as Internet traffic has expanded geometrically, the original em- 
phasis on delivery over timing is being challenged. With multicast applications and streaming audio and video appli- 
cations growing in popularity, packet delivery time has become a central focus. Quality of Service (QoS) is a term often 

15 used to describe the degree to which a communications network provides reliability, availability and timely throughput. 
Quality of service addresses issues such as transmission speed, timeliness of packet delivery, amount of jitter a network 
introduces into packet streams, and the probability of outright packet loss. As businesses begin to rely more and more 
on their Internet presence, some have expressed willingness to pay more for higher quality of service because the 
higher quality of service translates directly into a smoother, more responsive experience for their customers. Some 

20 Internet service providers thus offer different service level agreements through which they commit to provide different 
levels of service quality at different fee rates. 

[0004] There are many proposals for improving quality of service in packet-switched networks such as the Internet. 
Quality of service may be improved at the individual router level by making the routers faster and more intelligent. 
However this also increases the system cost. Other proposals address the quality of service issue at the network model 

25 level. At the network model level, the performance of individual routers are largely ignored; focus instead shifts to the 
aggregate performance of all routers in the network. One popular approach is to consider the aggregate network only 
in terms of its outer boundary or end-to-end performance. Using such an analytical approach, the performance of the 
entire network, and the quality of service it provides, can be largely controlled by the behavior of the routers occupying 
the edge of the network (that is, the routers at the ingress and egress points). 

30 [0005] There are several end-to-end network models for controlling quality of service (QoS) in popular use today. 
Among the leading models are Integrated Services (IntServ), and Multi-Protocol Label Switching (MPLS) and Differ- 
entiated Services (DiffServ). IntServ supports a per-flow quality of service guarantee. It employs a relatively complex 
architecture in which resources are reserved by means of a signaling protocol that sets up paths and reserves resourc- 
es. MPLS provides another quality of service guarantee approach that focuses on packet forwarding. Packets are 

35 assigned labels at the ingress of an MPLS-compatible domain. Subsequent classification, forwarding and services for 
the packets are then based on those labels. 

[0006] Models, such as IntServ and MPLS, address QoS on a per connection basis and can present scalability 
difficulties. To provide better scalability, other models have been proposed that address QoS on a traffic aggregate 
basis. DiffServ is one example of such a model. DiffServ provides quality of service guarantees to packet aggregates 
40 by marking packets differently to create different packet classes/aggregates that are entitled to different quality of 
service handling. 

[0007] For the most part, aggregate traffic-based network models share a number of common concepts. They begin 
from a premise that the network can be characterized as having edge and core routers. The edge routers accept 
customer traffic (i.e., packets from any source outside the network). Core routers provide transit packet forwarding 

45 services among other core routers and/or edge routers. The edge routers control ingress of traffic and thus perform 
an important admission control function, by permitting or declining requests by outside traffic to enter the network. With 
the ultimate traffic flow being controlled by the edge routers, through admission control, the core routers simply need 
to differentiate traffic insofar as necessary to cope with transient congestion within the network itself. The network 
models may employ statistical multiplexing to maximize utilization of the core router resources. 

50 [0008] Predicting and controlling traffic flow through a network at the aggregate level is a very complex problem. 
Admission control algorithms that overly restrict ingress waste internal core router resources. On the other hand, ad- 
mission control algorithms that are too lax can flood the network with too much traffic, resulting in severe drop in quality 
of service. There have been numerous admission control algorithms proposed. While some of these have been quite 
ingenious, there remains a great deal of room for improvement. 

55 [0009] For example, Centinkaya and Knightly, in an article entitled "Egress Admission Control," IEEE Info Com 2000, 
describe a framework for scaleable quality of service provisioning in which admission control decisions are made at 
the egress routers based solely on aggregate measurements obtained at the egress router. They introduce a meas- 
urement-based service envelope as a way to adaptively describe the end-to-end service received by a traffic class. 
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[001 0] The present invention is an improvement upon the above technique in which a measurement-based admission 
control algorithm is based on the global effective envelopes of an arriving traffic aggregate and upon the service curves 
of the corresponding departing traffic aggregate. The admission control algorithm is well adapted to a variety of different 
network models. Although the invention will be principally described in the context of a multi-router network, the con- 
5 cepts employed are equally applicable to autonomous network systems and even switching devices. In a switching 
device, for example, the switch hardware/software provides several input ports and output ports. The present invention 
may be used to control flow of traffic among these input and output ports. Therefore, the invention is applicable to 
"networks" of different architectural granularities, ranging from single device switches to large, multiple device computer 
network domain. 

10 [0011] For a more complete understanding of the invention, its objects and advantages, refer to the following de- 
scription and to the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

15 [0012] 

Figure 1 is a network diagram illustrating an exemplary end-to-end network model, useful in understanding the 
admission control algorithm of the present invention; 

Figure 2 is a block diagram illustrating the pertinent parameters associated with arriving traffic and admitted traffic 
20 in a network; 

Figure 3a is a flowchart diagram of the presently preferred admission control algorithm, illustrating global effective 
envelopes; 

Figure 3b is a similar flowchart diagram of the presently preferred admission control algorithm, illustrating local 

effective envelopes; 
25 Figure 4 is a graph illustrating the calculation of delay bound; 

Figure 5 is a timing diagram illustrating an example of a measured time interval, where T = 3i and M = 2; 

Figure 6a and 6 b are graphs illustrating measured arriving traffic for time interval ki 100 ms; 

Figures 7a and 7b are graphs illustrating measured service envelope for time interval 100 ms; 

Figures 8a, 8b and 8c are graphs of average link utilization as a function of delay bound for three different scenarios, 
30 for delay bound d 100 ms. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0013] Referring to Figure. 1, an exemplary network is illustrated at 10. Network 10 includes a plurality of edge 

35 routers, such as router 12 and router 14 that are in turn connected to a plurality of core routers 16. For purposes of 
illustration, the edge router 12 serves as the ingress node 18 and edge router 14 serves as the egress node 20. Arriving 
traffic enters through the ingress node and departing traffic leaves through the egress node, as illustrated. 
[0014] For purposes of illustration the arriving aggregate traffic 22 comes from network 24 via edge router 26. For 
purposes of illustration it will be assumed that the edge router 26 includes a traffic conditioner function 28, limiting the 

40 flow of arriving aggregate traffic to within predefined bounds. 

[0015] For purposes of illustration the departing aggregate traffic 30 exits edge router 14 and enters network 32. 
[0016] Network 10 implements an admission control function 34 which of the packets of arriving aggregate traffic 22 
are admitted to the network 10 and which are blocked. The admission control function 34 may be localized in a single 
router, such as edge router 12. Alternatively, the admission control function can be distributed across the network, with 

45 the function being performed by plural routers within the network 10. In accordance with the invention the admission 
control function 34 implements an admission control algorithm that is based upon the global effective envelope 36 of 
the arriving aggregate traffic 22 and upon the service curves 38 of the departing aggregate traffic 30. 
[0017] Figure 2 illustrates network 10 with the arriving traffic, admitted traffic and departing traffic being shown in 
greater detail. The figure introduces some of the terms that will be useful in understanding the presently preferred 

50 algorithm. The arriving traffic 22 is assumed to be supplied through a traffic conditioner or regulator 28, which may be 
implemented at the ingress node 18 to enforce the arriving traffic to comply with the traffic specification submitted by 
the sender. The traffic conditioner or regulator may be modeled as a leaky bucket that provides a simple metering 
function. Alternatively, the traffic conditioner may provide more sophisticated traffic shaping functions where the tem- 
poral characteristics of a traffic class are selectively modified by delaying local packet forwarding. 

55 [0018] Associated with arriving traffic 22 is a deterministic envelope 42. The deterministic envelope may be charac- 
terized in terms of three variables: peak traffic rate, average traffic rate and burst size parameter. The arriving traffic 
also is assumed to have an associated quality of service requirement 44. Typically each class of service would have 
its own quality of service requirement. Thus multiple QoS requirements are illustrated at 44 in Figure 2. The QoS 
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requirements may be characterized by the following variables: probability of delay violation and delay bound. 
[0019] The admitted traffic 46 may be differentiated from the arriving traffic, in that the admitted traffic has already 
passed the admission control point and is thus currently flowing in network 10. When the admitted traffic 46 leaves 
network 10 it represents departing traffic 30. The departing traffic 30 has associated with it a service curve or service 

5 envelope 48 that is measured by monitoring each packet's arrival time and departure time. 

[0020] The admission control algorithm of the presently preferred embodiment uses the associated deterministic 
envelope 42 of the arriving traffic and the associated service envelope 48 of the departing traffic in making a decision 
whether to admit or deny arriving traffic to meet the desired QoS requirements. Figures 3a and 3b show the presently 
preferred algorithm in flowchart form. A more rigorous mathematical derivation of the preferred algorithm is presented 

10 below. The flowcharts of Figures 3a and 3b make reference to specific equations from the detailed mathematical der- 
ivation, where applicable. A discussion of the flowchart will be presented first, as a way of introducing the detailed 
mathematical derivation that follows. Specifically, Figure 3a applies to global effective envelopes; Figure 3b applies to 
local effective envelopes. The content of these two figures is similar; hence a detailed discussion of Figure 3a is pre- 
sented below and may be considered applicable to Figure 3b, except where the mathematical derivation differs, as will 

15 be evident by comparing the Figures. 

[0021] Referring to Figure 3a, the preferred algorithm begins at step 60 with a request to be admitted to the network. 
As part of the request, the incoming traffic submits its traffic characterization, which is expressed in terms of charac- 
terization parameters 62. The specific parameters used by the presently preferred embodiment are: 

20 ■ " Deterministic Envelope Aj*(t); 

■ Quality of Service Requirements, QoS; 

■ Delay Bound, d; 

■ Probability of Delay Violation, e. 

25 [0022] Next, at step 64, the algorithm constructs a global effective envelope for the arriving traffic, based on the 
submitted parameters 62. In the mathematical derivation that follows, the effective envelope for arriving traffic is char- 
acterized as G new . The G new envelope is depicted in Figure 3 at 66. As indicated by the dashed lines and bracketed 
notation, step 64 is performed using equations 3.8-3.11. 

[0023] Next the algorithm continues at step 68 to construct a global effective envelope for the admitted traffic, based 
30 on measured statistics. Specifically, the measured statistics, listed at 70, include the average and the variance of the 
amount of arriving aggregate traffic. In the detailed mathematical derivation which follows, the global effective envelope 
for admitted traffic is designated as G w .In Figure 3, this G N envelope is shown at 72. 

[0024] The final admission control decision, step 74, is ma8e based on an analysis of both effective envelopes 66 
and 72 along with the service curve 40 calculated using equation 4.5 and the algorithm shown in Table I below. Spe- 
35 cifically, the admission control decision will admit incoming traffic if: 

G new *G q Nq <S q 

40 [0025] For a more precise statement of the above admission control condition, see the following detained description 
and in particular, Eqn. (3.12). 

Detailed Description of Preferred Admission Control Algorithm 

45 [0026] A detailed description of the preferred algorithm will now be provided below. For purposes of illustration a 
Differentiated Service (DS) or DifServ architecture will be assumed. The invention is not limited to the DS architecture 
inasmuch as the admission control algorithm of the invention may be used with a variety of network architectures. 
[0027] In order to provide Quality of Service (QoS), the Integrated Services (IS) architecture use a signaling protocol 
to set up resource reservations at all routers along the path. Since this approach requires that all routers have to keep 

50 per-flow state and process the per-flow resource reservations, this approach has known scalability problems. Differ- 
entiated Service (DS) is another approach to provide QoS, but without the restriction on scalability. Routers need only 
to implement scheduling and buffering mechanisms and apply them based on the DS Code Point (DSCP) presented 
in the header of arriving packets. The end-to-end QoS service across several domains is built by combining the per 
domain behaviors (PDBs) of individual DS domains. Those PDBs in their terms are constructed by an appropriate 

55 deployment of per-hop forwarding behaviors (PHBs). Several DS domains can exist within a single autonomous system 
(AS). The definition of PDBs is an active area of research, with the first few drafts currently available]. Hence DS 
addresses scalability by providing QoS guarantees on traffic aggregate level. 

[0028] As discussed above, one of the critical requirements for service provisioning across a DS domain is a presence 
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of an effective Connection Admission Control (CAC). Such admission control can be utilized while establishing dynamic 
service level agreements (SLAs) for premium service across DS network, or consulted upon re-negotiations of static 
SLAs. Bandwidth Broker (BB) entity of a DS domain is a typical place for such admission control. The difficulty involved 
in designing the effective CAC, is that many solutions lead toward topology-dependent implementations, thus limiting 

5 their scope and increasing their complexity. 

[0029] To implement admission control for DS without scalability problems, several researchers have proposed var- 
ious forms of Endpoint CAC. In this design, the endpoints of a DS domain (ingress/egress routers) perform admission 
control and resource management. The routers measure traffic in the network to detect the level of available resources 
and admit a new connection if and only if, the detected level of resource is sufficiently high. 

10 [0030] The preferred embodiment provides a measurement-based CAC algorithm, which provides statistical QoS 
guarantees on a traffic aggregate level in a DS domain. The ingress traffic arriving at the boundary of a DS domain is 
assumed to be conditioned by the upstream domains, policed by our domain to adhere to the rules of an established 
SLA, and further marked with the appropriate DSCP. Leaky-bucket based policers, shapers and markers are widely 
proposed. As the DS architecture extends some PDB for a traffic aggregate, we call this traffic aggregate a class in a 

15 subsequent discussion (different from DS class). We target the PDBs, which offer delay guarantees to a classified 
traffic aggregate given both delay and delay violation probability. We described the deterministic envelopes, i.e., arriving 
traffic envelopes and service envelopes, and the bound on performance characteristics, which can be obtained, from 
those envelopes. We then derive a measurement-based CAC to establish dynamic SLA and provide statistical guar- 
antees for a variety of service classes by exploiting the statistical traffic envelopes, called global effective envelopes 

20 and service curves. To obtain these envelopes, we use the measurement approach. The measurement of the service 
curves allows our admission control condition to work without the knowledge of the topology of the DS domain and 
cross traffic in the domain. 

[0031] Let us consider a traffic arriving to a network domain. The traffic enters the domain at an ingress node 18 and 
destines to an egress node 20 (see Figure 1). In the following we consider a continuous-time fluid low traffic model. 

25 An arriving traffic from different flows is differentiated by its QoS requirements. Here we consider the probability of 
delay violation and the delay bound as the QoS requirements of interest. An arriving traffic with the same QoS require- 
ments, i.e., the same delay bound and probability of delay violation requirements, is treated as a service class. Hence, 
arriving traffic into the domain is partitioned into Q classes. We use N q to denote the number of flows within a class q. 
[0032] The arriving traffic from the flow j of the class q in an interval (f 1f f 2 ) is denoted as A q (t^J 2 )- We assume that 

30 traffic arrival from each flow j is regulated by a traffic conditioner and upper bounded by a deterministic subadditive 

envelope A q *(i) as follows: 
J 

A q (t,t + <z)<A q *(i) Vf>0, Vt>0. (2.1) 

35 

[0033] The arriving traffic is characterized by the deterministic envelope with a set of parameters. The most commonly 
used traffic regulators are leaky buckets with a peak rate enforcer. The traffic on flow j is characterized then by three 
parameters (PpOppfi with a deterministic envelope is given by 

40 

Aj (t) = min{P?T,a? + p?x} Vt > 0 (2.2) 



where P q > p q is the peak traffic rate, p q is the average traffic rate, and o q is the burst size parameter. 
As a generalization of the peak-rate enforced leaky bucket the traffic on flow /'may be characterized by a set of pa- 
45 rameters {o q ,p q } k= ^ Kj , with a deterministic envelope 

jk jk J 



A f (T) = + P * T} (2 " 3) 

where K? is the number of leaky-bucket pairs. 

[0034] y lt is also noted that flows from the same service class can be characterized by different deterministic enve- 
lopes, but can have the same QoS requirements. 

We use A qout (t A ,t 2 ) to denote the traffic from flow j of the class q leaving the domain at the egress node in an interval 
(t, ,f 2 )- We then define the aggregate traffic of class q as follows: the aggregate of arriving traffic, 
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and the aggregate of departing traffic 



For a time interval of length p, we define the empirical envelope, E Nq (%;P>) of an arriving aggregate N q of flows from 
15 class g, which is the upper bound of the arriving aggregate in any time interval of length t < P as follows: 



E Nq (r yJ ff)= sup A Nq (t 9 t + r) (2.4) 

20 

[0035] In the following, we will focus our discussion on the aggregate traffic of a single service class and drop the 
index 'g* . We will introduce the definition of a service curve and its application. We assume that there is no traffic in 
the domain at time t = 0. Therefore, for an aggregate traffic, the amount of backlogged traffic in the domain at any time 
25 t, B(f), is given by 

B(t) = A N (0J)-A° N ut (0,t)>0. (2.5) 
30 Also the ingress-to-egress delay suffered by the aggregate traffic at time t is denoted by d(t) and is defined as follows: 

d(t) = mm{z : z > 0 and A N (0 9 t) < A™'(Q>t + z)} (2.6) 

35 

Definition of Service Curve 

[0036] Let S(-) be a non-decreasing function, with S(0) = 0. We say that the domain guarantees the service curve S 
(■) for the aggregate traffic if for any time f, there exists s < t such that B(s) = 0 and y4^(s,f) > S(f - s) . 

40 [0037] It can be seen that S(f - s) specifies the lower bound of the amount of the aggregate traffic needed to be 
served and depart from the domain during some interval (s,t), where the domain is empty at time s. 
[0038] From the definition of service curve, the upper bound of delay can be obtained as follows. Consider a busy 
period of length p. Let s denote the starting time of the busy period, that is, B(s) = 0 and A N (0,s) = >A^(0,s). We assume 
that the domain guarantees the service curve S(-), that is >A^(s,f) > S(r - s), where s < t + d < p. From the definition of 

45 service curve, we have A°*(s,t + d) = A out (0,t + d) - A N (0, s)>S(t+d- s). From Eqn. (2.6), thus, A^Ofi > A™*(0,t + 
cO > A N (0,s) + S(t+ d- sJ^Hence, from £qn. (2.4), 

A N (s,t) < E N (t - s;P) > S(t + d - s) (2.7) 

50 

Let t = t - s, it then follows that, for all time t > 0, the delay defined in Eqn. (2.6) is upper bounded as follows: 
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d(t) < min{z : z > 0 and E N (r; fl)<S(r+ z)} 
s < max min{z : z > 0 and E N (r; /?) < S(r + z)} (2.8) 

0<r<B 

From Eqn. (2.8), it is note that the upper bound on delay is the maximum horizontal distance between the arriving 
aggregate envelope (E w (t;P)) and the service curve S(t) (see Figure 4). It is also noted that p is upper bounded by 
10 Pmax> which is the maximum busy period of the aggregate traffic and can be determined as: 



/? mm =mf{r>0\j:A*(T)<S(T)}. 



Therefore, we will use (3 = p max in the following discussions. 

[0039] The preferred admission control algorithm exploits the deterministic envelopes and the service envelopes to 
obtain the upper bound of the delay experienced by an arriving traffic based on the worst-case scenario where it is 
20 assumed that all flows send traffic with their peak rate simultaneously. 

[0040] In the next section, following the concept of the described envelopes, we will derive a statistical service where 
a small portion of traffic is allowed to violate the delay QoS requirement. We will use so called global effective envelopes 
to characterize arriving aggregate traffic for each class. Using these envelopes allows us to derive a CAC for statistical 
services which can be perform the same fashion as for deterministic services. 

25 

Probabilistic Guarantees with Effective Envelopes and Service Curves 

[0041] In this section, we derive the probability of delay violation based on the upper bound of the delay shown in 
the previous section. We then obtain an admission control condition for a single service class by applying the definition 
30 of local and global effective envelope presented in R. Boorstyn, A. Burchard, J. Liebeherr, and C. Oottamakorn. Effective 
envelopes: Statistical bounds on multiplexed traffic in packet networks. In Proceedings of IEEE INFO COMM 2000, 
Tel Aviv, Israel, March 2000 (hereinafter "Boorstyn, et. al"). We finally discuss the admission control conditions for 
multiple service classes. 

35 Probabilistic Guarantees with local Effective envelopes and Service Curves 

[0042] Again we will first consider a single service class and we drop the index , g\ An aggregate of arriving traffic 
from the same service class ^(^^2) has the same probability of delay violation, e, and delay bound requirement, d. 
a n(U ^2) are upper bounded by a family of nonnegative random processes A w (f 1? f 2 ), which has the following properties: 

40 (1) Stationarity: the statistical properties of A N (t^,t 2 ) do not change with time (2) Independence: The A N {t A ,t 2 ) are sto- 
chastically independent among all service classes. Let again D n (t) denote the ingress-to-egress delay experienced 
by a bit of an aggregate traffic of the N flows which arriving at the domain at time t. We assume that D n (t) is a random 
variable. For a given delay bound d, the domain guarantees that the ingress-to-egress delay of any arriving bit will not 
exceed the delay bound c/, that is, for all time t > 0, 0 < t < B max , from Eqn. (2.8), D N (i) = min{z : z > 0 and A^tJ + t) 

45 < S(t + z)}<d or, for all time t > 0, 0 < t < 6 max , A N (t,t+x) < S(t + d). The delay violation occurs if 3D w (x) such that 

D w (t) > d 

50 or, 3t such that 

A N (t,t+x) > S(x+d) 

55 [0043] With Eqn. (2.8), the probability that the arriving traffic experiences a delay violation is required to be bounded 
by e and we have, for all time t > 0, 0 < t < 6 max , 
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Pr[.D y (*■)><*] - Vr[A„(t,t + r)>S(t + dy] < s (1) 

A set of new flows request same service guarantees from a DS domain. The CAC uses the admission control test to 
ensure that the requested service guarantees and other flows from all service classes can be simultaneously satisfied. 
From Eqn. (1), we can obtain the admission control condition for a single service class by using the definition of local 
effective envelope as follows: 

Definition (Local Effective Envelope) 

[0044] A local effective envelope for A^tJ + t) is a function L N that satisfies for all t > 0 and all t 

T?r[A N (t, t + r)<L N (r; £)]>!-£ 

It can be seen that a local effective envelope provides a probabilistic bound for the aggregate traffic A N {t,t + %) for any 
specific time interval of length t. 

Lemma 

[0045] Given a set of flows that is partitioned into M classes, and each class contains N m flows with aggregate 
arrivals, A N Let L N (t;8) be local effective envelope for class m. Then the following inequality holds: given x, 



if ^L Nm {z\s) <x, then for ail t, Pr 



<M>£. 



We divide flows from the same service class into two categories, i.e. M =2. The first group is the set of flows, N that 
are already admitted to the domain. The second group is the new set of flows, K, requesting the QoS service from a 
DS domain. We denote L N as the local effective envelope of the first group and L new as the local effective envelope of 
the second group. 

Admission control condition for a single service class 

[0046] From the definition of the local effective envelope and the lemma, from Eqn. (1), we have that the arriving 
traffic has a delay violation with probability < 8 if 

L n (x;e/2) + L new (x;e/2) < S(x+d) , for 0 < x < S max (2) 

[0047] Remark: 

* 

• If for the same service class the set of new flows are regulated by different deterministic envelopes A . , for each 

set of flows which have the same A it is required to construct their U (-;e/),where 

J new J 



J 

Therefore Eqn. (2) becomes 
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L N (r,s/2) + ^ j Li ew (r;s J )<S(r + d) , for 0 < r < £ max (3) 

J 

5 

• The CAC in Eqn. (2) does not depend on the topology of the domain and the scheduling algorithms within the 
domain, but the measurement-based traffic-characterized envelopes, which can be measured at an ingress and 
egress node in a DS domain. 

10 Local Effective Envelope using Measured Moment 

[0048] We consider a set of admitted flows, N. We characterize the distribution of the aggregate traffic using the 
Central Limit theorem, which does not require the knowledge of the underlying distributions of each flow. An approxi- 
mate local effective envelope of the aggregate traffic can be obtained from the Central Limit Theorem as follows [1]. 
15 From the definition of the local effective envelope, we set PrlA^tJ + t) > x] ~ e/2 and we obtain, 

L n (t)z/2)=X(t) + zg(t) (4) 

20 where z has the approximate value z « J\\og(2m)\ , and X(t) and o 2 (t) are measured average and variance of 

the amount of aggregate traffic, respectively. We will discuss those measurements in the next section. 
[0049] Since the number of new flows may be just a few flows, the Central Limit theorem may not be the appropriate 
choice for constructing their local effective envelope, i.e., the bound obtained may not be tight enough. Instead, we 
will use the Chernoff bound, which provides more rigorous bound on the aggregate traffic. The local effective envelope 

25 of a set of new flows, K, can then be obtained by using the Chernoff bound, and is given as follows: 
[0050] Recall the Chernoff bound for a random variable Y: 

Pr[7 > y] < e' sy E[e sy ] \/s>0 (5) 

We have 

35 Pr[^ (*, t + r) > Kx] < e'^Mx (j, r) . (6) 

where M^s.x) is the moment generating function of the aggregate traffic. 

[0051] In Boorstyn, et. al. M^s.t) is derived and given in term of the deterministic envelopes of the flows, that is the 
40 leaky bucket function in our case, s is chosen so that Eqn. (6) is minimal. With these values of s and M^s.x), it yields 

L new (i;e/2) = Kmin{x,/\^(x)} (7) 

45 ^_ 1 , x 

kv <(e/2) w (8) 

KxJ \A K (x)-x) 

* 

50 where A (t) is a deterministic envelope for each new flow. 

Admission control condition for multiple service classes 

[0052] The admission control condition in Eqn. (2) does not provide the guarantee that QoS requirements of other 
55 service classes use the same ingress-to-egress path will be satisfied if a new set of flows is admitted into the domain. 
To be able to provide their guarantees, without loss of generality, we assume that the new flows have the highest priority 
and we test the admission control condition for all the service classes. This can be shown as follows. For each service 
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q 

class we obtain an arriving aggregate traffic envelope L N (r,E q 12) and a service envelope S%-). From Eqn. (2), the 
new flows with an arriving envelope L nev J(v,Eqf2) will be admitted if the following condition is satisfied: for all service 
classes q, 

L q N fre q /2) + L new (x;e q /2) < S q (x + d q ) , for 0 < t < B max (9) 

In this section we show our CAC, which depends on the measurement-based envelopes (L N (-;z) and S(-))- In the next 
section we show how to obtain these envelopes. 

10 

Probabilistic Guarantees with Global Effective envelopes and Service Curves 

[0053] In this section, we derive the probability of delay violation based on the upper bound of the delay shown in 
the previous section. We then obtain an admission control condition for a single service class by applying the definition 
*5 of global effective envelope presented in. We finally discuss the admission control conditions for multiple service class- 
es. 

[0054] Again we will first consider a single service class and we drop the index 'q'. An aggregate of arriving traffic 
from the same service class in the interval (t, ,t 2 ) , ^2) nas tne same QoS requirements: probability of delay violation, 
e, and delay bound requirement, d. A N (t^,t 2 ) is characterized by a family of nonnegative random processes, which has 

20 the following properties: (1) Stationarity: the statistical properties of A^,t 2 ) do not change with time (2) Independence: 
The A^t^ f t 2 ) are stochastically independent among all service classes. Consider an interval of length of the maximum 
busy period p. Let again D^t) denote the ingress-to-egress delay experienced by a bit of an aggregate traffic of the N 
flows which arriving at the domain at time t during the busy period. We assume that D N (t) is a random variable. For a 
given delay bound c/, the domain guarantees that the ingress-to-egress delay of any arriving bit will not exceed the 

25 delay bound d, that is, from Eqn. (2.8), for all t, 0 < t < p, 



D„(t) = min{z : z > 0 and sup A N (t,t + r) < S(r + z)} ^ d (3.1) 

30 

or, for all t, 0 < t < p, 



sup A N (t 9 t + r) = E N (r,fi)<S(r + d). (3.2) 



The delay violation occurs if 3D N (t) such that 

40 

D N (t) > d 

or, 3t, t such that 

45 

sup A N {t,t + r) > S(r+d) 

50 

With Eqn. (3.2), the probability that the arriving traffic experiences the delay violation is required to be bounded by e 
and we then have 



55 
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< \-s (3.4) 



A set of new flows request same service guarantees from a DS domain. The CAC uses the admission control test to 
ensure that the requested service guarantees and other flows from all service classes can be simultaneously satisfied. 
10 From Eqn. (3.4), we can obtain the admission control condition for a single service class by using the definition of 
global effective envelope as follows: 

Definition of Global Effective Envelope 

15 [0055] A global effective envelope for an interval of length p is a subadditive function G w (t;P,8) that satisfies: 



Pt[E n (r, 0) < G N *), VO < r < fi\ > 1 - s 

20 



It can be seen that a global effective envelope provides a probabilistic bound for the aggregate traffic A N (t,t + t) for 
every time interval of length i in p. 



25 Lemma 



[0056] Given a set of flows that is partitioned into M classes, and each class contains N m flows with aggregate 
arrivals, A Nm . Let G Nm (i;P,e) be global effective envelope for class m. Then the following inequality holds: given x, 



30 



If ]T G Nu (r; J3 9 s) < x , then for all t , Pr 



3m3r:^TE Nm (t,t + r) > x(t) 



<M-£. 



We divide flows from the same service class into two categories, i.e. M = 2. The first group is the set of flows, N that 
are already admitted to the domain. The second group is the new set of flows, K, requesting the QoS from a DS domain. 
We denote G N as the global effective envelope of the first group and G new as the global effective envelope of the 
second group. 

40 

Admission Control Condition for a Single Service Class 



[0057] From the definition of the global effective envelope and the lemma, from Eqn. (3.4), we have that the arriving 
traffic has a delay violation with probability <e if 

45 

G w (T;p,e/2) + G„ eM ,(T;p,e/2) < S(x + d) , for 0 < t < B (3.5) 



Remark: 
[0058] 

* 

• If for the same service class the set of new flows are regulated by different deterministic envelopes A , for each 
set of flows which have the same A . it is required to construct their d (-;P,e/), where 



11 



EP1 217 793 A2 



Therefore Eqn. (3.5) becomes: 



10 



G N (r,A*f2) + 'ZGi w (T;/?,£ J .)<S(r + d) ,for0<r<5 (3.6) 



• The CAC in Eqn. (3.5) does not depend on the topology of the domain and the scheduling algorithms within the 
domain, but the measurement-based traffic-characterized envelopes, which can be measured at an ingress and 
15 egress node in a DS domain. 

Constructing the Global Effective Envelope 

[0059] We consider a set of admitted flows, N. We characterize the distribution of the aggregate traffic using the 
20 Central Limit theorem, which does not require the knowledge of the underlying distributions of each flow. An approxi- 
mate global effective envelope G/^p.e) of the aggregate traffic can be obtained from the Central Limit Theorem as 
follows. From the definition of the global effective envelope, we set PrlEy^P) > x, V0 < t < P] « e. For given t 0 ,P we 
then have, for every integer k, 

25 

G N (r, A s) « a[X((k + 1)r/k)+ z'a{({k + 1)r / k)] , Vre[r 0> /?] (3.7) 

30 where a = 1 + 1/(/c+ 1), z' has the approximate value z' « V|log(27ie , )| withe* = T 0 (a-1)e/p/c,X(T) and o 2 (t) are measured 
average and variance of the amount of aggregate traffic, respectively. We will discuss those measurements in the next 
section. 

[0060] From Eqn. (3.4) it can be seen that there are several possible global effective envelopes. For given t 0 ,P , the 
method recursively calculate the k h a h and t, for 1 <i<n, where x n is the first point which is greater than p, therefore 
35 we can obtain n points of a global effective envelope as follows: 



40 



V 



^0,-i) ) 



(3.8) 



45 



«,= i + S^. (3-9) 



(3-10) 



50 and, from Eqn. (3.7), 



55 



G N (r, ;M~ a, [X{{k, +1)r, lk t ) + Sofa, + 1) r f / *, )] (3.11) 

where z « V|log(27ce)| . 
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For a set of new flows, one can obtain the global effective envelope of the new flows G new by using the same recursive 
method as follows. However, instead of using the measurement-based X(t) and o 2 (t), in Eqs. (3.8) and (3.11) X(t) = 
Kp K i and <j 2 (t) = Kp K x(A K (x) - p K x), where p K is the long-term average and A^(t) is a deterministic envelope for each 
new flow. 

5 

Admission Control Condition for Multiple Service Classes 

[0061] The admission control condition in Eqn. (3.2) does not provide the guarantee that QoS requirements of other 
service classes use the same ingress-to-egress path will be satisfied if a new set of flows is admitted into the domain. 
10 To be able to provide their guarantees, without loss of generality, we assume that the new flows have the highest priority 
and we test the admission control condition for all the service classes. This can be shown as follows. For each service 

q 

class we obtain an arriving aggregate traffic envelope G N (T;P,8 q 12) and a service envelope SQ(-). From Eqn. (3.5), 
the new flows with an arriving envelope G„ ew (T; 0,8^2) wffl be admitted if the following condition is satisfied: for all 
service classes q, 

15 

G^(T;p,e Q /2) + G new (T,p,e q /2) < S q (z+d q ) , for 0 < t < B (3.12) 

In this section we show our CAC, which depends on the measurement-based envelopes (G N (-,$,e) and S(-))- In the 
20 next section we show how to obtain these envelopes. 

Measurements of Perspective Envelopes 

[0062] In this section, based on, we show how to measure the characteristic parameters for constructing the global 
25 effective envelopes of the arriving aggregate traffic and the service envelope of the departing aggregate traffic for a 
single service class. First we measure the average and variance of the amount of arriving aggregate traffic, which are 
used in Eqn. (3.3). We then measure the service envelope of a single service class traffic. At the end of this section 
we show the admission control algorithm that we will use in the evaluation example below. 

30 Measurement of Aggregate Arriving Envelopes 

[0063] We are interested in the aggregate characteristic of an arriving traffic at ingress node. To characterize the 
aggregate traffic as a Gaussian process, we need to measure the first and second moment of the amount of traffic 
arriving at the ingress node. We note that in, the average and variance of arriving traffic rate are measured, while here 

35 we measure the average and the variance of the amount of an arriving traffic. Again let A N (t A ,t 2 ) denote the arriving 
traffic from an aggregate flow in the interval (t v t 2 )- Consider time to be slotted with the equal length t, i.e., for MPEG 
sources, we can think of t as the frame time. We also divide time into M large intervals whose length is T (see Figure 
5). For the m th interval we obtain the bound of an arriving traffic, as a function of time interval kx. We consider at 
the current time t. Then the bounded amount of the measured traffic over the m tn interval of length T from the current 

4 o time can be obtained as follows: 



X™ = max A[t -mT + n r,t - mT + {n + k)r] (4.1 ) 



for m - 1 , M and k = 1 , — . 

Thus for every T time slot, the T bounded envelope X™ is obtained. From these envelopes we can obtain the average 
X k and the variance of the measured envelopes as follows: 

M 

X*=Yu X > ( 4 - 2 ) 



and 
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AM 

^ 2 =TTlZ(^-^) J (4-3) 

5 

Remark: t, 7", and A/f are the key parameters for the measurement. Choosing an improper choice of t, T, and M may 
lead to inaccurately characterize the arriving aggregate traffic and consequently overestimate the bandwidth required 
by connections. We varied these parameters in our approach and found that our approach is not very sensitive to the 
10 changing. The further discussion of how to choose the parameters can be found in C. Cetinkayaand E. Knightly. Egress 
Admission Control. In Proceedings of IEEE INFO COMM 2000, Tel Aviv, Israel, March 2000; and D. Tse and M. Gross- 
glauser. Measurement-Based Call Admission Control: Analysis and Simulation. In Proceedings of IEEE INFOCOM 
1997, Kobe, Japan, April 1997. 

[0064] We provide an example of an arrival envelope from a simulation experiment in Figure 6(a) and (b). In Figure 
15 6(a), we plot the amount of arrival aggregate traffic as a function of time interval. While Figure 6(b) depicts the arrival 
aggregate rate as a function of time interval. The simulation consists of 120 multiplexed independent MPEG-2 video 
traces. These traces are obtained from the movie "Starship Troopers" ("Starship"). Starship has the peak rate of 1 8.6336 
Mbps and the average rate of 4.26 Mbps. The frame rate of Starship is 30 frames per second. This type of traffic has 
a quite large peak-to-mean ratio, which indicates its significant burstiness. From Figure 6, the arriving envelope and 
20 arrival rate are significantly smaller than the peak envelope and peak rate, respectively. This is due to the statistical 
multiplexing of the traffic aggregate. As the figures show, given a long time interval, the amount of the arriving traffic 
and its arrival rate decrease toward the average rate. 

Measurement of Aggregate Service Envelopes 

25 

[0065] Consider traffic arriving at a DS domain at an ingress node and leaving at an egress node. For measuring 
service envelopes, we assume that the clocks in the domain are synchronized. We consider at the packet system 
where packets are serviced at discrete times rather than continuous times. Each packet arriving at the ingress node 
will be time-stamped. Hence at the egress node, we are able to determine the ingress-to-egress delay of each packet. 
30 Let a, denote the arriving time and dj denote the departure time of the j ih packet. We consider this traffic to be backlogged 
whenever at least one packet in the system. The backlogging condition can be checked by comparing the arriving and 
the departure times of packets. Traffic is continuously backlogged for k packets in the interval [ay, d J+k _^] if 

35 d j+m > ay +m+1 , for all 0 < m < k-2 (4.4) 

for k > 1 . 

Next, let ServEnv is a list containing (x,S k (x)) pairs which represent the amount of time (x) required to service x 
bits when considering the packet j with the' number of backlogged packets = k. Again consider an interval of length T, 
40 which contains the total number of arriving packets, n. For packet j, we consider the delay of the packet and also the 
delay of the packets backlogged after this packet. We thus can define S k (x) as follows: 

Sj(x) = d j+k _, - a y , (4.5) 

45 

for all k > 1 and satisfies the backlogging condition. 

A bounded service envelope can be obtained as follows: 



50 
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Initialize (ServEnv) 
for packet j = 1 to fl 



x(Sj ) < - Size (packet ( j )) 
k < - 2 

while >«y*-i> 



70 Sj <- d.^-Uj 

x(S k j) <- x(Sj" 1 ) + Size (packet (y + fc-1)) 
A < - + 1 
Merge (ServEnv, ( JC(5*) , 5* ) V& , ServEnv) 

15 for Z = (Length(Sm>£rcv) -1) to 0 

if(x[l]< JCp-1]) 

Remove ( xp - 1], S[i - 1]) 
Using ServEnv to plot a service envelope. 

20 

Table 1 Bounded Service Envelope Algorithm 

[0066] Figure 7(a) shows a service envelope of an aggregate of departing traffic obtained from a simulation. The 
simulation consists of a node with a 622-Mbps link and the same number of sources (Starship) used for Figure 6a and 
25 6b. It is noted that the envelope is an increasing function. In addition, Figure 7(b) depicts the slope of the service 
envelope. The slope of the envelope indicates variation of the service rate for the burstiness of the arriving aggregate 
flows. 

Admission Control Algorithm using local effective envelopes 

30 

[0067] 

I. To request the QoS for its traffic from a DS domain, the user submits to a BB its traffic characterization containing 
A\t), QoS requirements, c/and e. 
35 ll/CAC constructs a local effective envelope, L new , based on the submitted parameters by using Eqs. (7) and (8). 

III. CAC then uses the measurement of the average and variance of arriving traffic to construct another local 
effective envelopes, L N , from Eqn. (4). 

IV. CAC finally makes aft admission control decision based on L new , L N , and SQ obtained from Section as follows. 
The request is accepted if the condition in Eqn. (9) is true. q 

40 

Admission Control Algorithm using Global Effective Envelope 
[0068] 

45 |. To request the QoS for its traffic from a DS domain, the user submits to a BB its traffic characterization containing 

AXt), QoS requirements, d and 8. 

I l/CAC constructs a global effective envelope, G new , based on the submitted parameters by using Eqs. (3.8) -(3.11). 
III. CAC then uses the measurement of the average and variance of arriving traffic (obtained from Eqs. (4.2) and 
(4.3) respectively) to construct another global effective envelopes for admitted flows, G N , from Eqs. (3.8)-(3.11). 
50 iv. CAC finally makes an admission control decision based on G new , , and obtainedPfrom Section as follows. 

The request is accepted if the condition in Eqn. (3.12) is true. q 

Evaluation and Simulation Results 

55 [0069] In this section, we evaluate the effectiveness of our CAC condition. We consider that all flows are homoge- 
neous, that is, all flows satisfy the same deterministic envelope and require the same delay QoS guarantee from a DS 
domain. Starship is again used as a traffic source. For simulations, we set the probability of delay violation e = 10 -6 
and vary the delay bound requirement d. We consider a DS domain, which has an egress node with a link capacity of 
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622 Mbps (C = 622 Mbps for all simulations). All links in the domain has the same capacity as of the egress link. Each 
node has a FIFO scheduler. We consider three scenarios where the number of nodes and cross traffic in the domain 
is changed as follows: 

5 I. The DS domain consists of a node without any cross traffic (see Figure 8(a)). 

II. The DS domain consists of two nodes without any cross traffic (see Figure 8(b)). 

III. The DS domain consists of three nodes with some cross traffic (see Figure 8(c)). 

Note that in configuration III, we also use 40 flows of Starship as cross traffic with the same QoS requirements as of 
10 the main traffic. 

[0070] We will evaluate our approach ('Approach') by using the CAC algorithm described above. As the benchmarks 
for our approach, we also investigate two of the following approaches and a set of simulations ('Simulation'). First, we 
consider average rate allocation ('Average Rate'), where the maximum number of admissible flows is determined by 
the link capacity divided by the long-term average rate of each flow and, therefore, the average link utilization for this 
15 approach is unity. Second, we consider the peak rate allocation ('Peak Rate'), where the maximum number of admissible 
flows is determined by the link capacity divided by the peak rate of each flow. For the simulation proposes, each flow 
starts randomly sending traffic into the DS domain. Many simulations are performed. The average result of the simu- 
lation is presented. We compare the average link utilization, U gve , obtained from each approach. U ave is defined as 
follows: 

20 

U =^ — 

ave si 

25 U 

where N is the number of connection admitted to the domain, p y is the long-term average rate of each flow, and C is 
the link capacity at the egress node. 

[0071] Figures 8a-8c show the three scenarios we investigate and the corresponding results where the average link 
30 utilization as a function of the delay bound is depicted. From the results, the link utilization obtained by the simulations 
and our approach is considerably higher than the one obtained by the peak rate allocation. This shows that the simu- 
lations and our approach can exploit the multiplexing gain from the traffic aggregate and, hence, yield the high link 
utilization. For example, from Fig 8(a), for the delay bound of = 10 msec, the simulation and our approach yield 86% 
of the link utilization, respectively. While the peak rate allocation can only obtain 82%. In addition, the results show 
35 that our approach can accurately characterize arriving and departing aggregate traffic. Figures 8(b)-(c) show that our 
approach can obtain the accurate condition of the domain without the knowledge of the underlying topology and cross 
traffic and yield the link utilization close to the simulation results. 

[0072] From the foregoing it will be appreciated that the present invention provides a measurement-based admission 
control algorithm that exploits the global effective envelopes and service envelopes to accurately characterize arriving 

40 and departing traffic aggregate. Based on the measurement, the CAC algorithm is tunable through a set of parameters. 
The algorithm is scalable and can support a variety of service classes. We showed the effectiveness of the CAC 
algorithm by comparing the link utilization obtained by the algorithm to the results from the simulations. While the 
invention has been described in its presently preferred form, it will be understood that the principles of the invention 
may be applied to may application and that implementation details of the algorithm can be varied without departing 

45 from the spirit of the invention as set forth in the appended claims. 



Claims 

50 1. A method of performing admission control of traffic flow in an information network, comprising: 

determining a first effective envelope associated with arriving traffic entering said network; 
determining a second effective envelope associated with admitted traffic currently in said network; 
determining a service curve by measuring departing traffic leaving said network; and 
55 admitting said arriving traffic if the sum of the first and second global effective envelopes is less than or equal 

to said service curve. 

2. The method of claim 1 wherein said first and second envelopes are global effective envelopes. 
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3. The method of claim 1 wherein said second envelopes is a global effective envelopes determined as a function of 
the measured average and variance of the aggregate traffic. 

4. The method of claim 1 wherein said first and second envelopes are local effective envelopes. 

5. The method of claim 1 wherein said second envelopes is a local effective envelopes determined as a function of 
the measured average and variance of the aggregate traffic. 

6. The method of claim 1 wherein said first effective envelope is based on the aggregate of arriving traffic. 

7. The method of claim 6 wherein said aggregate is determined by measuring an aggregate arrival flow at plural time 
intervals and by calculating the average and variance. 

8. The method of claim 1 wherein and second effective envelope is recursively calculated. 

9. The method of claim 1 wherein said service curve is determined based on measured packet delay. 



10. The method of claim 1 wherein said service curve is determined by developing a list of pairs representing the 
amount of time required to service one packet of information and the number of backlogged packets of information 

20 and using said list to determine a bounded service envelope. 

11. A method of performing admission control of traffic flow in an information system, comprising: 

determining a first effective envelope associated with arriving traffic entering said network; 
25 determining a second effective envelope associated with admitted traffic currently in said network; 

determining a service curve by measuring departing traffic leaving said network; and 

admitting said arriving traffic if the sum of the first and second global effective envelopes is less than or equal 
to said service curve. 

30 12. The method of claim 11 wherein said information system is a multi-port switch. 

13. The method of claim 11 wherein said information system is an autonomous network. 

14. The method of claim 11 wherein said information system is a computer network domain. 

35 
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